Skip to content

Exploitation of Critical Vulnerability in End-of-Life VMware Product Ongoing “Are You Ready To Take The Leap? The Benefits of Making a Career Change”

Wallarm Detect, a firm that specializes in detecting application vulnerabilities, has issued a warning about the current exploitation of a crucial flaw in VMware Cloud Foundation and NSX Data Center for vSphere (NSX-V).

Tracked as CVE-2021-39144 (CVSS score of 9.8), the issue was disclosed in October 2022, when VMware announced patches for it, although the affected product had reached end-of-life (EOL) status in January 2022.

The security defect was identified in the XStream open source library that supports the serialization of objects to XML and back. The vulnerability impacts XStream version 1.4.17 and older.

VMware announced patches for this vulnerability on October 25. Two days later, the company updated its advisory to warn that proof-of-concept (PoC) code targeting the vulnerability had been released.

The issue was addressed along with CVE-2022-31678, a medium-severity XML External Entity (XXE) flaw that could allow an unauthenticated attacker to cause a denial-of-service (DoS) condition.

On Monday, Wallarm Detect revealed that, since December 2022, it has been observing ongoing exploitation of these vulnerabilities in the VMware NSX Manager network virtualization and security solution.

Wallarm Detect says it observed a peak in exploitation attempts in late December, at over 4,600 attacks per day, but that the number decreased in late January, to an average of 500 attacks per day.

“If successfully exploited, the impact of these vulnerabilities could be catastrophic, allowing attackers to execute arbitrary code, steal data, and/or take control of the network infrastructure,” the company notes.

It is also worth noting that Wallarm Detect is assessing the severity of these two vulnerabilities differently than VMware. In NSX Manager, the firm says, CVE-2022-31678 has a CVSS score of 9.1, which makes it critical, while CVE-2021-39144 has a CVSS score of 8.5, making it ‘high severity’.

Wallarm Detect has warned of ongoing exploitation of a critical vulnerability in VMware Cloud Foundation and NSX Data Center for vSphere (NSX-V). The vulnerability, tracked as CVE-2021-39144, was disclosed in October 2022, but has been exploited in the wild since December 2022. It gives attackers the ability to execute arbitrary code, steal data, and take control of the network infrastructure. Wallarm Detect is assessing the severity of the two flaws differently than VMware, with CVE-2022-31678 having a CVSS score of 9.1 and CVE-2021-39144 having a CVSS score of 8.5.

Key Points:

  • CVE-2021-39144 is a critical vulnerability in VMware Cloud Foundation and NSX Data Center for vSphere (NSX-V).
  • The vulnerability was disclosed in October 2022, but has been actively exploited since December 2022.
  • If successfully exploited, the impact of these vulnerabilities could be catastrophic, allowing attackers to execute arbitrary code, steal data, and/or take control of the network infrastructure.
  • CVE-2022-31678 has a CVSS score of 9.1, and CVE-2021-39144 has a CVSS score of 8.5.

Leave a Reply

Your email address will not be published. Required fields are marked *